from the one-step-forward,-one-step-back dept

One of the most important pieces of legislation wending its way through the European Parliament concerns data protection. Because of its potential impact on major US companies like Google and Facebook, this has become one of the most fought-over proposals in the history of the EU, with lobbyists apparently writing large chunks of suggested amendments more favorable to online services. And all of that was before Snowden's revelations about NSA spying in the EU made data protection an even more politically-sensitive area.

Against that background, a vote that took place yesterday in one of the main European Parliamentary committees, LIBE (handling legislation concerning civil liberties), was important for the indications it gave about the current mood there. Where before the concerted lobbying campaign seemed to have managed to water down the proposals, now the Snowden Effect was in evidence, as the committee beefed up privacy protection for the public. A post on the European Digital Rights (EDRI) blog wrote:

We applaud Parliamentarians for supporting -- and even improving -- several important and valuable elements of the original Commission proposal. We are particularly happy that the Committee chose to overturn the Commission's proposal to allow Member States the scope to exempt themselves from the rules on profiling.

The parliament's civil liberties committee has come up with nearly 4,000 amendments to the original plan, including increasing the fine to 5% of annual worldwide turnover or €100 million, whichever is greater.

The changes also mean the replacement of the "right to be forgotten" with "the right of erasure", seen as a lesser obligation.

…

Parliament, in line with the Commission's proposals, also wants to impose strict rules on how data is shared or transferred to non-EU countries. For example, if the United States wants access to information held by Google or Yahoo! about a European citizen based in Europe, the firm would have to seek authorisation from a European data authority first.

That would establish an extra, EU-controlled gateway that might go some way to assuaging the profound concerns raised in Europe about U.S. data spying activities revealed via the leaks from former U.S. data analyst Edward Snowden.

However, that does not mean the current text is without serious problems, as EDRI emphasizes:

we are shocked and disappointed that Parliamentarians voted to introduce massive loopholes that undermine the whole proposal.

Perhaps the biggest loophole concerns the concept of " legitimate interest" (pdf), which allows a company to use personal data provided it meets "the reasonable expectations of the data subject based on his or her relationship with the [company]". Of course, that is so vague as to be utterly useless -- what does "reasonable expectations" mean in this context? As the draft legislation stands, companies are essentially being given a free pass to do pretty much whatever like with the personal data they gather, despite all the other supposed safeguards.
And there's another serious issue, as noted by La Quadrature du Net:

The Members of the LIBE Committee also made the very disturbing choice of accept the secret tripartite negotiations requested by the rapporteur Jan Philipp Albrecht. The text will now be modified behind closed doors, between the European Commission, the European Parliament and the Council (ministers from the Member States). The latter could use untransparent negotiations to annihilate all the positive provisions of this Regulation, leading to a weak and dangerous final version of this legislation.

In other words, the good parts of the proposals could be watered down or even removed during the secret negotiations with the European Commission and the European Council (representing the EU nations, including data privacy-hostile ones like the UK), something we discussed here on Techdirt before. However, the lead MEP in this area, Jan Philipp Albrecht, insists that this is not an "undemocratic" way of proceeding. EurActive explains when those talks will take place:

Negotiations with EU member states and the European Commission on the law are to start later this year or early in 2014. EU leaders will discuss the issue at a summit in Brussels on Oct. 24-25 and could give some indication then of how quickly they want to proceed.

The aim is to have the legislation agreed before May, when the assembly breaks up and new European Parliament elections are held. However, EU officials are not convinced this is feasible.

So it looks like the great EU Data Protection saga will continue to entertain us for a while, with yet more twists and turns, as opposing forces battle over the key issue of online privacy.

from the a-good-start dept

Earlier this year, about half a dozen different bills were introduced in Congress trying to tame the patent troll problem. Now, Rep. Bob Goodlatte has basically strung together a bunch of the different ideas from those earlier proposed bills to create The Innovation Act of 2013, which includes a bunch of ideas to limit patent trolls. It's a good bill that will definitely do plenty to stop some of the most egregious forms of patent trolling, though it doesn't go nearly far enough in terms of stopping bad patents from being issued in the first place, or allowing all kinds of companies (trolls or not) to attack other innovators. The bill is definitely a step in the right direction -- and it's impressive that Congress really did realize that patent trolling was such a problem, after pretending that it had solved all of the patent system ills a couple years ago with the America Invents Act, which was close to useless.

Among the good things in this bill: (1) in cases of really egregious behavior, the bill will allow for awarding attorneys' fees to the prevailing party. So in cases where a patent troll files a bogus lawsuit as part of the shakedown, the defendant can get attorneys' fees. That's helpful, but it will still require years of fighting and expenses to get to that point. (2) In the lawsuit, suing companies actually have to explain what was infringed and how. I know, it seems crazy that this wasn't a requirement before, but welcome to the insanity that is our patent system. (3) Limiting the discovery process. Discovery can be incredibly expensive, and trolls have leveraged that to burden innovative companies that they're suing. This bill tries to limit the power to abuse discovery, though there are always loopholes. (4) "Transparency of ownership." Basically, patent trolls won't be able to hide behind shell companies as easily as before. (5) It tries to (somewhat) limit the ability of patent trolls to go after end consumers of products (such as the troll claiming it could sue all WiFi users) or the troll going after anyone using a networked printer/scanner. All it really does here is allow the consumers to continue using the products while other stuff gets resolved if the troll has also sued the manufacturer. This means, if it's more lucrative, trolls will just avoid suing the manufacturer and go after the users. Again, this protection is not complete, but it's a step forward.

All of these are useful and positive steps, but won't stop trolling. It will, hopefully, limit the most egregious cases, but we've certainly seen that trolls can get creative in how they troll, so I imagine that, if this becomes law, we'll start to see new methods pop up quickly. That said, it's still a long way from actually passing. The fact that the bill is being introduced with a wide variety of powerful backers -- Reps. Bob Goodlatte, Pete DeFazio, Zoe Lofgren, Jason Chaffetz, Howard Coble, Anna Eshoo, Lamar Smith, Tom Marino and George Holding -- means that the bill actually has a better chance than most of actually getting to the floor and passing. But there will be others fighting against it, and a similar bill needs to get through the Senate as well, though that seems likely. If it can get through Congress, it seems like that the administration will support it, but that's not definite.

Honestly, the best thing about this is that, contrary to our expectations after the America Invents Act passed, patent trolling behavior became so egregious that Congress was actually willing to step back into this issue. That suggests that if the activity does continue, Congress will actually address it at some point. That's a good thing, and as EFF notes, we have the patent trolls to thank for that.

from the urls-we-dig-up dept

Biology has already figured out how to capture and use solar energy, so it makes some sense that we could try to re-purpose natural mechanisms to do our bidding and fulfill our energy needs. The trick is doing it on a scale that works economically. Plenty of scientists are working on ways to produce biofuels, but so far, the amount of biofuel used commercially is a rounding error compared to the volume of petroleum products that is burned. Still, here are just a few examples of biofuels that could be promising alternatives to burning dinosaur remains.

from the take-part dept

Elisa Kreisinger, an artist who makes strong use of fair use for remixing in her art, and refers to herself as a "pop culture pirate," has put together a survey about how people use fair use. Since many of our readers here have experience with fair use, we urge you to take part in the survey. It's especially targeted at creators who have to deal with fair use on a regular basis.

Remixers are not pirates or lawbreakers. We actually make some of the best (not to mention funniest and most entertaining) examples of Fair Use in action. But we need to know the law, our rights under it and assert these rights when needed.

We’re at a pivotal point in remix culture: artists and creators and makers have a working understanding of Fair Use; we talk about at conferences, on Twitter and of course on YouTube. But for all the talk, we’re still confused about how to use it and our Fair Use work is continually threatened by takedowns and copyright violations. As a result, when forced to defend or dispute the legality of our work, we often succumb to myths that favor the copyright holder over ourselves as creators. MyEyebeam/Public Knowledge installation, Fair Use(r), seeks to shed light on this dynamic through crowd sourcing data on artists experiences’ negotiating Fair Use in remix culture. Anyone can participate, starting today, right here.

As she notes, this is part of a new art project she's working on, as an artist-in-residence for Eyebeam and Public Knowledge. The survey itself is only open for another day or so, so please take the time to fill it out and share your experiences with fair use.

from the there's-nothing-to-support-that dept

Two weeks after Edward Snowden's first revelations about sweeping government surveillance, President Obama shot back. "We know of at least 50 threats that have been averted because of this information not just in the United States, but, in some cases, threats here in Germany," Obama said during a visit to Berlin in June. "So lives have been saved."

In the months since, intelligence officials, media outlets, and members of Congress from both parties all repeated versions of the claim that NSA surveillance has stopped more than 50 terrorist attacks. The figure has become a key talking point in the debate around the spying programs.

"Fifty-four times this and the other program stopped and thwarted terrorist attacks both here and in Europe -- saving real lives," Rep. Mike Rogers, a Michigan Republican who chairs the House Intelligence Committee, said on the House floor in July, referring to programs authorized by a pair of post-9/11 laws. "This isn't a game. This is real."

But there's no evidence that the oft-cited figure is accurate.

The NSA itself has been inconsistent on how many plots it has helped prevent and what role the surveillance programs played. The agency has often made hedged statements that avoid any sweeping assertions about attacks thwarted.

A chart declassified by the agency in July, for example, says that intelligence from the programs on 54 occasions "has contributed to the [U.S. government's] understanding of terrorism activities and, in many cases, has enabled the disruption of potential terrorist events at home and abroad" -- a much different claim than asserting that the programs have been responsible for thwarting 54 attacks.

NSA officials have mostly repeated versions of this wording.

When NSA chief Gen. Keith Alexander spoke at a Las Vegas security conference in July, for instance, he referred to "54 different terrorist-related activities," 42 of which were plots and 12 of which were cases in which individuals provided "material support" to terrorism.

And in a recent letter to NSA employees, Alexander and John Inglis, the NSA's deputy director, wrote that the agency has "contributed to keeping the U.S. and its allies safe from 54 terrorist plots." (The letter was obtained by reporter Kevin Gosztola from a source with ties to the intelligence community. The NSA did not respond when asked to authenticate it.)

Asked for clarification of the surveillance programs' record, the NSA declined to comment.

"Would you agree that the 54 cases that keep getting cited by the administration were not all plots, and of the 54, only 13 had some nexus to the U.S.?" Leahy said at the hearing. "Would you agree with that, yes or no?"

"Yes," Alexander replied, without elaborating.

It's impossible to assess the role NSA surveillance played in the 54 cases because, while the agency has provided a full list to Congress, it remains classified.

Officials have openly discussed only a few of the cases (see below), and the agency has identified only one -- involving a San Diego man convicted of sending $8,500 to Somalia to support the militant group Al Shabab -- in which NSA surveillance played a dominant role.

The surveillance programs at issue fall into two categories: The collection of metadata on all American phone calls under the Patriot Act, and the snooping of electronic communications targeted at foreigners under a 2007 surveillance law. Alexander has said that surveillance authorized by the latter law provided "the initial tip" in roughly half of the 54 cases. The NSA has not released examples of such cases.

After reading the full classified list, Leahy concluded the NSA's surveillance has some value but still questioned the agency's figures.

"We've heard over and over again the assertion that 54 terrorist plots were thwarted" by the two programs, Leahy told Alexander at the Judiciary Committee hearing this month. "That's plainly wrong, but we still get it in letters to members of Congress, we get it in statements. These weren't all plots and they weren't all thwarted. The American people are getting left with the inaccurate impression of the effectiveness of NSA programs."

The origins of the "54" figure go back to a House Intelligence Committee hearing on June 18, less than two weeks after the Guardian's publication of the first story based on documents leaked by Snowden.

At that hearing, Alexander said, "The information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 potential terrorist events in more than 20 countries around the world." He didn't specify what "events" meant. Pressed by Rep. Jim Himes, D-Conn., Alexander said the NSA would send a more detailed breakdown to the committee.

Speaking in Baltimore the next week, Alexander gave an exact figure: 54 cases "in which these programs contributed to our understanding, and in many cases, helped enable the disruption of terrorist plots in the U.S. and in over 20 countries throughout the world."

But members of Congress have repeatedly ignored the distinctions and hedges.

The websites of the Republicans and Democrats on the House Intelligence Committee include pages titled, "54 Attacks in 20 Countries Thwarted By NSA Collection."

And individual congressmen have frequently cited the figure in debates around NSA surveillance.

Rep. Lynn Westmoreland, R-Ga., who is also on the House Intelligence Committee, released a statement in July referring to "54 terrorist plots that have been foiled by the NSA programs." Asked about the figure, Westmoreland spokeswoman Leslie Shedd told ProPublica that "he was citing declassified information directly from the National Security Agency."

Rep. Brad Wenstrup, R-Ohio, issued a statement in July saying "the programs in question have thwarted 54 specific plots, many targeting Americans on American soil."

Rep. Joe Heck, R-Nev., issued his own statement the next day: "The Amash amendment would have eliminated Section 215 of the Patriot Act which we know has thwarted 54 terrorist plots against the US (and counting)." (The amendment, which aimed to bar collection of Americans' phone records, was narrowly defeated in the House.)

Mike Rogers, the Intelligence Committee chairman who credited the surveillance programs with thwarting 54 attacks on the House floor, repeated the claim to Bob Schieffer on CBS' "Face the Nation" in July."You just heard what he said, senator," Schieffer said, turning to Sen. Mark Udall, D-Colo., an NSA critic. "Fifty-six terror plots here and abroad have been thwarted by the NSA program. So what's wrong with it, then, if it's managed to stop 56 terrorist attacks? That sounds like a pretty good record." Asked about Rogers' remarks, House Intelligence Committee spokeswoman Susan Phalen said in a statement: "In 54 specific cases provided by the NSA, the programs stopped actual plots or put terrorists in jail before they could effectuate further terrorist plotting. These programs save lives by disrupting attacks. Sometimes the information is found early in the planning, and sometimes very late in the planning. But in all those cases these people intended to kill innocent men and women through the use of terror."

Rep. James Lankford, R-Okla., went even further in a town hall meeting in August. Responding to a question about the NSA vacuuming up Americans' phone records, he said the program had "been used 54 times to be able to interrupt 54 different terrorist plots here in the United States that had originated from overseas in the past eight years. That's documented."

The same day, Rep. Jim Langevin, D-R.I., who sits on the Intelligence Committee, defended the NSA at a town hall meeting with constituents in Cranston, R.I. "I know that these programs have been directly effective in thwarting and derailing 54 terrorist attacks," he said. Asked about Langevin's comments, spokeswoman Meg Fraser said in an email, "The committee was given information from NSA on August 1 that clearly indicated they considered the programs in question to have been used to help disrupt 54 terrorist events. That is the information the Congressman relied on when characterizing the programs at his town hall."

Wenstrup, Heck and Lankford did not respond to requests for comment.

The claims have also appeared in the media. ABC News, CNN and the New York Times have all repeated versions of the claim that more than 50 plots have been thwarted by the programs.

The case of Basaaly Moalin, the San Diego man convicted of sending $8,500 to Somalia to support Al Shabab, the terrorist group that has taken responsibility for the attack on a Kenyan mall last month. The NSA has said its collection of American phone records allowed it to determine that a U.S. phone was in contact with a Shabab figure, which in turn led them to Moalin. NSA critic Sen. Ron Wyden, D-Ore., has argued that the NSA could have gotten a court order to get the phone records in question and that the case does not justify the bulk collection of Americans' phone records.

The case of Najibullah Zazi, who in 2009 plotted to bomb the New York subway system. The NSA has said that an email it intercepted to an account of a known Al Qaeda figure in Pakistan allowed authorities to identify and ultimately capture Zazi. But an Associated Press examination of the case concluded that, again, the NSA's account of the case did not show the need for the new warrantless powers at issue in the current debate. "Even before the surveillance laws of 2007 and 2008, the FBI had the authority to -- and did, regularly -- monitor email accounts linked to terrorists," the AP reported.

A case involving David Coleman Headley, the Chicago man who helped plan the 2008 Mumbai terrorist attack. Intelligence officials have said that NSA surveillance helped thwart a subsequent plot involving Headley to attack a Danish newspaper. A ProPublica examination of that episode concluded that it was a tip from British intelligence, rather than NSA surveillance, that led authorities to Headley.

A case involving a purported plot to attack the New York Stock Exchange. This convoluted episode involves three Americans, including Khalid Ouazzani of Kansas City, Mo., who pleaded guilty in 2010 to bank fraud, money laundering, and conspiracy to provide material support to Al Qaeda. An FBI official said in June that NSA surveillance helped in the case "to detect a nascent plotting to bomb the New York Stock Exchange." But no one has been charged with crimes related to that or any other planned attack. (Ouazzani was sentenced to 14 years last month.) The Kansas City Star reported that one of the men in the case had "pulled together a short report with the kind of public information easily available from Google Earth, tourist maps and brochures" and that his contact in Yemen "tore up the report, 'threw it in the street' and never showed it to anyone." Court records also suggest that the men in Yemen that Ouazzani sent over $20,000 to may have been scamming him and spent some of the money on personal expenses.

For more from ProPublica on the NSA, read about the agency's campaign to crack Internet security, a look at the surveillance reforms Obama supported before he was president, and a fact-check on claims about the NSA and Sept. 11.

from the so-much-for-privacy dept

One of the key reasons many people support Bitcoin is that it's supposed to be anonymous, like cash. However, Sean Percival today wrote about how he received a phone call from his bank, because "they detected Bitcoin related transactions," and they asked him if it was for personal use or business. And, no, it wasn't because of some concern about fraud. Percival clarified that it was just about Bitcoin, and said they wanted to know about "a spike in activity" with merchants like Coinbase. He later confirmed that it was not even from the fraud department. Percival does not name the bank, other than to say that it's "one of the biggies." It will be interesting to see if this becomes a regular thing, and whether or not it'll become yet another path for government officials to try to track Bitcoin usage.

from the says-a-lot dept

Another day, another foreign country realizing that the NSA is spying on its leadership. This time around, it's Germany, where Chancellor Angela Merkel, alerted to the possibility by reporters working on Snowden documents for Spiegel, called President Obama to confront him about evidence that the NSA was monitoring her mobile phone calls.

During her conversation with Obama, Merkel expressed her expectation that "US authorities would provide an explanation about the possible extent of such surveillance practices, and thus answer questions that the German government already posed months ago," Seibert said.

"As a close ally of the United States of America, the German government expects a clear contractual agreement on the activities of the agencies and their cooperation," he added.

Of course, as with similar revelations recently concerning Brazil, France and Mexico, none of this should really be all that surprising. Spying agencies spy on top elected officials and bureaucrats in other countries all the time. It's what they do. A lot of the reaction to getting caught is just political theater. It's embarrassing, but not nearly as big a deal as governments spying on citizens. That said, the amusing bit is this:

"The President assured the Chancellor that the United States is not monitoring and will not monitor the communications of Chancellor Merkel."

Oh, and this:

The spokeswoman did not wish to specify whether this statement applied to the past.

Yup. Genius move by the White House spin doctors there. Say we're not monitoring and won't in the future, calling that much more attention to the question of "in the past" and then refuse to make any statements about that.

Recent articles published in the French newspaper Le Monde contain inaccurate and misleading information regarding U.S. foreign intelligence activities. The allegation that the National Security Agency collected more than 70 million “recordings of French citizens’ telephone data” is false.

While we are not going to discuss the details of our activities, we have repeatedly made it clear that the United States gathers intelligence of the type gathered by all nations. The U.S. collects intelligence to protect the nation, its interests, and its allies from, among other things, threats such as terrorism and the proliferation of weapons of mass destruction.

It's all semantics, whether the NSA's defenders are discussing abilities vs. authority or whether or not a collection occurred "under this program." In this case, Clapper takes a convoluted statement ("recordings… of telephone data") and chooses to present both allegations (collected phone data/recorded calls) as completely false by cherry-picking a single badly written (or translated) sentence.

When the story first broke, there was some confusion as to whether the NSA had recorded 70 million calls or simply collected metadata, in part due to the wording used by Le Monde. The Washington Post clarified this by pointing out that the NSA collected metadata on 70 million phone calls and intercepted certain calls to certain phone numbers. Even Le Monde itself broke this down further, highlighting the fact that the NSA utilized a handful of collection processes.

"The agency has several collection methods," Le Monde said. "When certain French phone numbers are dialled, a signal is activated that triggers the automatic recording of certain conversations. This surveillance also recovers SMS and content based on keywords."

Clapper addresses none of these activities and simply focuses on the one sentence that gives him plausible (and convoluted) deniability.

In essence, the foreign collection (although, in the NSA's hivemind, a collection doesn't actually occur until an agent searches the, uh, collected data) is almost identical to the NSA's Section 215 collections. Vast amounts of metadata grabbed simply because there's no legal basis preventing it.

The rest of his statement is mostly true -- almost every country spies on other countries. This has been the status quo for years, and while the French government has made lots of noise about this recent leak, it seems to be largely using this as an opportunity to reroute outrage and criticism away from its own domestic spying.

The constant refrain of "terrorism" and "WMDs" is to be expected as well, but it hardly explains the repeatedly surfacing evidence that the agency also spies on foreign corporations, something that sounds more like industrial espionage than ensuring national security.

Clapper winds things up by telling readers France and America are still best friends and, somewhat chillingly, "we will continue to cooperate on security and intelligence matters going forward." I know this is probably meant to sound like a cheery "we'll give you a head's up if we need your citizens' phone data," but given the cozy relationship the NSA has with the UK's GCHQ and others, it sounds more like "we'll show you ours if you'll show us yours." Nations cooperating on security matters seems like a good idea, but when a government begins sharing the unfiltered results of its domestic surveillance with foreign nations while requiring little more than a "gentleman's agreement" that the data won't be abused, it's time to start worrying again.

from the medicines-for-the-mind dept

Techdirt has run several stories about the difficulties students in emerging economies have when it comes to buying expensive study materials. Back in 2012, Costa Rican students took to the streets to defend their right to photocopy otherwise unaffordable university textbooks. Earlier this year, Indian textbook authors asked for a lawsuit brought by Western publishers against Delhi University and a nearby photocopying shop over alleged infringements to be dropped. A common element to those two stories is that students often resort to making photocopies of books, since they can't afford the originals. According to this story from Calcutta's The Telegraph, it seems that the Indian government wants to turn the practice into a recognized right:

India will seek changes to international copyright regulations so that students and researchers can procure photocopies of expensive books without having to pay royalties, a senior government source said.

Come December, he said, the Union human resource development ministry will ask the World Intellectual Property Organisation (Wipo) to relax its norms that protect authors' and publishers' commercial rights over their books.

The ministry will suggest at the next general assembly of Wipo, a UN body with 185 nations as members, that educational and research institutions be exempted from the copyright regime.

That's a pretty bold move, and it will be interesting to see the details. But it is certainly in keeping with India's successfulattempts to make vital medicines available to its people at prices they can afford, despite what the patent-holders might want. In some ways, this new plan is an extension of that idea, since it recognizes that some things -- like medicine or knowledge -- are simply too important for developing countries to be kept locked up by Western monopolists.

from the oh-really-now? dept

As anyone who followed the SOPA fight remembers, GoDaddy was an early (and vocal) supporter of SOPA. This was mainly the work of its General Counsel, Christine Jones, who (prior to SOPA specifically being released) testified before Congress in support of a law sounding very much like SOPA (supporting making search engines, service providers, credit card companies and others liable). When SOPA was released, she wrote an op-ed strongly in favor of it for Politico (who appear to have made it disappear), calling the bill "a welcome step in the right direction." She did this even though -- under the bill's initial definition -- GoDaddy itself was clearly "dedicated to theft of property."

As you probably remember, the internet backlash was strong, and GoDaddy had to drop its support, giving the company a major black eye. Since then, a very large percentage of the management team has changed, including Jones, who left the company a few months after SOPA collapsed.

Christine made it a priority to establish Go Daddy as a leader in the fight to make the Internet better and safer for users, particularly children. She has testified numerous times before U.S. Congressional Committees in Washington, D.C. about various issues related to the Internet. She also helped drive federal Internet-related legislation, including laws to keep the Web safe from child predators and rogue online pharmacies. For example, she helped push through bills such as the Ryan Haight Online Pharmacy Consumer Protection Act, the Protect Our Children Act, and the Keeping the Internet Devoid of Sexual Predators Act. These bills were signed into law by President Bush in October 2008 and have been used by law enforcement and others to shut down illegal online drug sellers and to prosecute online child predators.

Nothing about SOPA, you see. But she does highlight these kinds of grandstanding laws that have great titles that sound like they're trying to make the internet safer from evil things like fake drugs and sexual predators. In reality, most of these bills have done nothing particularly useful. That's because they were all about getting headlines so politicians could claim they were doing something about some "big problem" without tackling the actual underlying problems. In some cases, they have serious problems. The "Keeping the Internet Devoid of Sexual Predators" made all registered sex offenders register their emails in a weak attempt to keep them off of social networks (even when the "offenders" did not have a history of being predators or anything like that).

These are the kinds of bills that someone supports because they want more political cred, not because they have any interest in actually solving real problems. Either way, it just seems really wrong for a person who was heavily involved in supporting SOPA in the early days to now be running for political office arguing that she was focused on making the internet "a better place."

from the simple-questions dept

Over the past few decades, one thing that's been fairly consistent coming from the legacy entertainment industry is this incredible blind faith in the claim that "if only the public were more educated about copyright law, piracy would go away." This mantra never goes away. This was the stated rationale behind the RIAA's many thousands of lawsuits against individuals. It's been the stated rationale behind programs like six strikes and Hadopi. And it's the reason behind a series of ridiculousschoolpropagandaprograms, the latest of which (which doesn't appear much different from past versions) is being rightfully mocked.

Of course, as we've noted over and over again, there is almost no indication at all the "problem" the industry faces is an education problem. Instead, it appears to be a problem of their own making, in that they refuse to recognize what the public is demanding, and thus are failing to deliver the product properly. Furthermore, this focus on "education" has never been shown to work. Past attempts to educate school kids resulted in kids rolling their eyes and verbally mocking such obvious propaganda. Furthermore, historical attempts at "educating" people not to copy have never worked. And that's because it's never actually been an education problem. Sure, many in the public may not be fully educated on the ins and outs of copyright law. But, that's generally not why they're engaging in unauthorized access to content. They're doing it because they want to see/hear/read/run/play the content, and often that's the most convenient way.

This incredible disconnect by the MPAA is exceptionally clear in the actions the MPAA was taking in its legal fight against IsoHunt, right before the two sides agreed to a silly $110 million settlement that will never be paid. Right before that settlement, TorrentFreak had a great article mainly discussing the MPAA's nearly apoplectic desire to avoid letting the jury hear anything about (the lack of) actual damages arising from IsoHunt. It was an interesting story, though not quite as sensationalistic as the original article suggests. The MPAA is actually legally correct in arguing that one of the key points for having statutory damages is so that the copyright holder doesn't have to go through the process of determining actual damages. I (and many others) have serious problems with the whole concept of statutory damages for this very reason -- because it seems absurd to order incredibly high damages when no actual harm was done -- but that is what the current law is.

That said, I think the story is more interesting because of a few other points. First, the MPAA totally misrepresented the law and what IsoHunt was arguing. The MPAA was correct in noting the nature of statutory damages, but took it out of context concerning that lawsuit. The MPAA would have been correct if IsoHunt was using the effort to research actual damages to try to get out from paying any damages. But it was not. IsoHunt had already lost that part of the lawsuit, and it was clear that the company was going to have to pay something. The question was how much.

IsoHunt was arguing, quite reasonably and well within the law, that in helping the jury determine where in the wider range of statutory damages the award should end up, it would be helpful to look at actual damages. That's perfectly reasonable. As it stands, a jury can award between $750 and $150,000 per infringement. All IsoHunt was arguing is that some showing of actual damages is reasonable for the jury to learn about to determine where in that rather large range the award should fall. That's both within the law and reasonable.

But much more insane and questionable was the MPAA's conduct in trying to pile on many more infringements after the fact. The case itself revolved around a claim of infringement of 44 different movie files, which IsoHunt was found guilty of "inducing." We have serious issues with the idea that a third-party software provider should be found guilty for the actions of its users, but, given that the court has already decided this, the range of statutory damages should clearly be based on those 44 files. Instead, however, at the very last minute, the MPAA added 3,903 more files to the list (3,190 of which are TV shows instead of movies) and said the statutory damages should be calculated on each of those files. That jacked up even the minimum statutory award from $33,000 to $2.96 million. And moved the maximum up from $6.6 million to $592 million. At that rate, $110 million looks like a "bargain."

But -- and this is the important part -- at no point has anyone, including the MPAA, proved in a court that IsoHunt "induced" the infringement of all of those files. In fact, as IsoHunt notes, they barely had any time to process the details of those files. In July, the MPAA suddenly announced that it was adding a bunch of files that weren't reviewed during the trial stage. It then refused to tell IsoHunt what those files were until September 16, when it provided it with a massive list of 4,145 files, barely giving IsoHunt any time at all to review all of those claims to see if they were legit. Furthermore, IsoHunt pointed out that, just in looking through the list and grabbing random samples, it found numerous examples where "the claimed infringement does not match the claimed work."

It should seem obvious that it's a massive abuse of basic due process to try someone over a specific legal infraction, and then only after the fact, at the point where damages are assessed, to magically add in thousands of more alleged infringements, which were never actually reviewed during the trial. And that's especially true in copyright cases, where different files may have different fact patterns and different defenses.

So why is the MPAA doing this? Even the judge in the case is befuddled, but the MPAA has its reason: education.

Even the judge was confused why the MPAA wanted to pile on so many extra files when it was clear that it wouldn't make a difference. The transcript reveals the whole "we want to learn them internet folks" mentality coming from the MPAA's lawyers:

THE COURT: What do you estimate to be the resources of [Defendants]? . . . What do you suspect?

PLAINTIFF’S COUNSEL: Based on our estimate, Your Honor, we believe a couple to a few million dollars would exhaust Mr. Fung's or defendants' ability to pay...

PLAINTIFF’S COUNSEL: A couple to a few million dollars would exhaust defendants' --

THE COURT: Does that mean, like $2 million --

PLAINTIFF’S COUNSEL: Two million dollars to $4 million, $5 million at the most.

THE COURT: So why are you making such a fetish about 2,000 or 3,000 or 10,000 or 100 copyrights?

MR. FABRIZIO: Your Honor, the purpose of statutory damages is not only to seek compensation from the defendants, extraordinarily important purpose is to create -- send a message to other would-be infringers like defendants, and there are thousands of them....
THE COURT: But if you strip him of all his assets -- and you're suggesting that a much lesser number of copyrights would accomplish -- copyright infringements would accomplish that, where is the deterrence by telling the world that you took someone's resources away because of illegal conduct entirely or 50 times over?

But this is how the legacy entertainment industry guys think -- and it (once again) shows how out-of-touch and clueless they are. In the past, they've made this same argument in trying to justify the massive awards courts ordered against Jammie Thomas-Rasset and Joel Tenenbaum. The highly compensated lawyers think that awards of many millions of dollars (or over $100 million against companies like IsoHunt and Limewire) help "educate" people away from such things by scaring them.

But what they don't realize is that this strategy almost certainly backfires badly every single time. That's because the money is too high. To average people making average amounts of money (i.e., not the lawyers the RIAA and MPAA hires, nor the execs from either of those organizations), millions of dollars is not a large number that is scary. It's an inconceivable abstract concept. It's so insane to actually feel unrealistic. It has no deterrent factor, because it's incomprehensible. Your average person doing some random file sharing recognizes that having to pay over a million dollars for such actions is so patently ridiculous that it doesn't even register as being something to be afraid of. It's not realistic.

You don't "educate" people with such high numbers. It's only the money-obsessed RIAA and MPAA that think the higher the number, the scarier the message, and the more effective the education. The reality is quite different. It just makes people respect those organizations less, and find the entire legal effort completely surreal and detached from reality. The RIAA and MPAA have gotten these types of awards before, and it has had no real impact. People continue to access unauthorized content, and new platforms and services (often harder to track down) pop up every single time one of these sites gets shut down.

The MPAA thinks that it has to keep ratcheting up the "education" by seeking ever more ridiculous numbers, but at what point do they realize this doesn't work and has never worked? When the "punishment" seems perfectly absurd to anyone with common sense, and tactics like piling on thousands of extra infringements not mentioned in the trial raise significant questions of due process and fairness, all the MPAA is doing is making sure that people have less respect and less interest in actually paying attention to the details of copyright law, because the MPAA (along with the RIAA) has worked so damn hard to "educate" the world that the punishments associated with copyright law make absolutely no sense.

from the the-same-goddamn-hammers-used-every-time dept

A recent copyright infringement (+ "threat to national security") lawsuit filed by a government contractor against its former employee highlights two terms the government frequently fears: open source and hacking.

Open source software (especially free open source software) is often portrayed by government officials as inherently unsafe to deploy. If anyone can see the source code then surely anyone can exploit it, they state. This is institutional resistance is aided greatly by companies like Microsoft who would prefer to see lucrative software licensing contracts continue indefinitely. Not that "closed source" software is any more secure, as Microsoft itself (along with Adobe) can certainly attest. But that irrational fear remains, and greatly hinders the adoption of open source software by government agencies.

Hacking is another of the government's favorite boogeymen. The oft-abused CFAA has turned exploration of software and systems into a crime. The government uses the words "hacking" and "hacker" almost exclusively to denote criminal activities and criminals. This continues long after the words have entered the mainstream to reflect positive activities. (See also: the extremely popular Lifehacker website; any number of events with the word "-hack" appended that result in extremely constructive outcomes.)

Andreas Schou brought this restraining order granted by an Idaho judge to many people's attention on Google+. (H/T to unnamed Techdirt reader for the submission.) It's an ultra-rare "no notice" restraining order that resulted from a wholly ex parte process involving only the plaintiff, government contractor Battelle Energy Alliance. The restraining order allowed Battelle to seize its former employee's computer, as well as prevent him from releasing the allegedly copied software as open source.

Schou details how he heard about the case.

Yesterday afternoon, my good friend (and former client) got a panicked call from his wife. Attorneys for the government contractor he formerly worked for had showed up at his door with some sort of order, demanding to be let in to seize his computers. While his wife was held out on the lawn by private attorneys, the contractor's counsel tried to call in the sheriff to -- I guess -- break down his door.

My first thought, obviously, was: this is all some sort of misunderstanding. Because Corey [Thuen] -- who's a professional security researcher -- has worked for the government his entire career, both at the FBI and as a security researcher specializing in SCADA systems, cyberterrorism, and critical infrastructure. He's a straight-laced, church-attending guy with three kids and an admittedly strange job.

And here's what he's been accused of: threatening national security by open-sourcing a network visualization and whitelisting tool.

The arguments made in Battelle's original complaint were bought almost in their entirety by Judge B. Lynn Winmill. Battelle claims copyright infringement, citing Corey Thuen's software, Visdom, resembles its own Sophia software. As evidence of this, it offers the following:

- Thuen worked on Sophia and had access to the code. - Visdom's name is remarkably similar to Sophia. (The short version: Sophia is the goddess of wisdom. Wisdom/VISDOM.) - There's no way Thuen could have come up with his own program in such a short period of time without copying substantial amounts of Sophia's code.

Battelle also points out that Thuen's company, Southfork, made a bid to license Sophia but withdrew it a short while later, inferring that Thuen's allegedly infringing copy made licensing software an unneeded expense. (Thuen's response claims that Southfork withdrew its bid when it became apparent Battelle wasn't interested in pursuing an open source option.)

Schou points out that if Battelle had done any due diligence, it would have realized that its infringement claim -- especially the claim that Thuen couldn't have created competing software in that time frame without copying Sophia -- is just plain wrong.

Somehow, despite spending a great deal of money on a BigLaw firm and getting an unprecedented ex parte order for the seizure of critical business infrastructure, they didn't check Github. And if they had, they'd have found out that the open-source project is built in a different language, using open libraries. They'd have been able to check the code commits to look at the period the software was written in.

And they wouldn't have sued to begin with.

Thuen breaks it down even more simply in his response:

Visdom, unlike Sophia, makes heavy use of third party open source libraries to accomplish many of the tasks for which the Sophia development team had to write code ourselves. An example for illustration: as part of my work on Sophia, I created a scrollbar from scratch, which means I had to implement the click and drag behavior (along with buttons) that causes a scrollbar to do what the average user expects a scrollbar to do. Visdom, on the other hand, builds on top of other, third party components that make scrollbars inherent. In other words, on Sophia development I spent significant time creating basic components to a user interface, whereas Visdom did not require such efforts. Visdom's heavy use of open source libraries facilitated its development in a matter of several months.

As Schou states, it's also written in a completely different coding language. Battelle and its representation may think it's just a simple copy-paste job to "port" software from one language to another, but Thuen dismantles this misperception.

Visdom was written in HTML, Javascript, and Go. As previously mentioned, Sophia was written in C. Visdom is not a translation of Sophia from C to the languages in which Visdom is written. We did not have the Sophia code when we created Visdom.

Further, a program written in one programming language cannot be cut-and-pasted into another programming language. Programming languages have different lexicographical grammars. As an example, if I'm writing code in C I have to deal with memory management; I have to keep track of the resources used by my programs. Javascript has no such concept, and any C code that does these functions would be impossible to translate into Javascript. Further, Javascript is an interpreted language and C is a compiled language. In other words, C creates software that runs on hardware, whereas Javascript creates software that runs in programs that run on hardware.

No two programmers who translate from one language to another, or from C to Javascript in particular, would produce the same output for any complex program. Those two languages, and their paradigms, are incompatible. A program written in C will inherently solve the problem to which it is directed in a different way than a program directed at the same problem but written in Javascript.

In developing Visdom, I specifically avoided any code, modules, sequences, routines, structures, screenshots, or any other materials that may have constituted some part of Sophia, based on my knowledge of Sophia as of the end of my access to it on or about August 2, 2012. Visdom is intended to solve the same problems as Sophia, but it is not a copy of Sophia, just as an electric car is not a copy of a gas-powered car simply because both are used for the same purpose.

What the judge determined to be "adequate circumstantial evidence" to justify ordering a no-notice restraining order (which included the seizure of Thuen's computer -- because he's a "hacker" -- more on that in a bit) completely falls apart when confronted with technical knowledge and observable facts.

Thuen's project is still listed at github where anyone can view related information, including development time, commits and, most importantly, the source code itself, where anyone with the technical knowledge would have seen that a) it pulled from other sources to speed production and b) is written in a completely different language.

Unfortunately, Battelle also abused the term "hacking" to justify the seizure of Thuen's computer without notice. Its arguments in the original complaint quotes one of its own employees in support of its "if we notify him, he'll just wipe the hard drive" theory. The court cites this in its justification of the ex parte restraining order

[B]attelle asserts that defendants are likely to wipe the hard drives on Thuen's computer, thus destroying direct evidence of wrongdoing. Battelle suggests that either of these actions would render further prosecution of the lawsuit fruitless...

The Court finds it significant that defendants are self-described hackers, who say, "We like hacking things and we don't want to stop."

A well-known characteristic of hackers is that they cover their tracks… This makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case...

The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants - in their own words - are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen's computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.

Your customers love you and you gain a little bit more peace of mind. We wouldn't mind bringing your people in to participate and see first-hand how an attacker views your system. We'd love to train ourselves out of a job.

Southfork will test system security when hired by a company specifically for that purpose. Battelle's filing attempts to spin Southfork's technical knowledge into a purely evil thing. According to Battelle, hackers are always adversaries, even when the company's own front page statement proclaims otherwise. Just because the knowledge is there doesn't mean it will only be deployed to cause damage. Thuen's response points out the flaw in this reasoning.

As a cybersecurity professional, I am aware of, and possess ability for, many “hacking” techniques that may be used in illegal ways, but I put them to use improving my customers’ security. In other words, I’m much like a locksmith who possesses the ability to pick a lock and uses his knowledge to help as a contributing member of society… In my career, I have held government clearances with the Federal Bureau of Investigation and the United States Department of Energy, which required me to pass multiple lie detector tests, psychological tests, extensive background checks, and other miscellaneous tests.

Battelle's goes even further than this in its complaint, painting Thuen's hacking ability and his "threat" to take his project open source as a danger to national security.

BEA's copyrighted software is called Sophia and protects the United States' energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation's energy grid.

Given the nature of Sophia, Defendants' actions have implications for our national security. Defendants know of these implications but have ignored them.

Fortunately, this stretched argument doesn't weigh in the judge's restraining order, but it's still a part of Battelle's complaint against Thuen. This argument is baseless as well, relying heavily on the allegation that Thuen's code is Battelle's code. Theun points out the flaw in Battelle's portrayal of open source code as inherently dangerous.

I disagree with Battelle that security software like Sophia or Visdom cannot be open source because then hackers would have access to the source code. Security systems are better served by being open source so that complicated things, like cryptographic algorithms and implementations, can be reviewed by independent expert auditors rather than sitting behind smoke screens. The plethora of open source software used in secure systems today completely debunks the notion that you cannot have valuable and secure software that is also open source…

In the statements dealing with irreparable harm, Battelle claims it wouldn't be able to compete with Southfork's Visdom if Thuen chose to give it away (earning money from support packages and custom modules). Clearly, Battelle and its lawyers are unaware that top selling programs like Microsoft Office (LibreOffice) and Photoshop (GIMP) compete with fully-featured (and open source) free programs all the time.

There are many more flawed arguments in Battelle's filing, but it appears that both the plaintiff and the presiding judge had just enough knowledge between them to reach a bad conclusion. Thuen's response tackles every accusation from Battelle's complaint, punching some big holes in its filing. Unfortunately, the court decided to handle this ex parte and is only now aware of the weaknesses of Battelle's allegations.

What this looks like is a government contractor hoping to shut down a competitor by deploying two "chilling" favorites: copyright infringement and "threats to national security." It also hurts itself by falling for government FUD -- "open source is dangerous" and "hackers are bad" -- both of which contributed to the general level of failure contained in its complaint.

"The scrutiny that the NSA has come under filters down to us," [Georgia Bureau of Investigation Director Vernon] Keenan said at the annual gathering that draws top law enforcement from the United States and elsewhere with workshops, product exhibits and conferences.

For many new technologies, there is no clear legal standard to govern their use, he said.

"If we are not very careful, law enforcement is going to lose the use of technology," he said.

Additional care in the future would be nice, considering many law enforcement entities, from local police departments to the FBI, have deployed surveillance programs and data collection technology with minimal oversight and few, if any, guidelines for use. Periods for public comment seem to be an afterthought, something usually considered only after the public has raised objections to already-deployed programs.

What should have been the approach taken in the past looks to be the route law enforcement will have to take in the future, according to Philadelphia Police Chief Charles Ramsey.

"Imagine instead of driving down the street scanning license tags, driving down the street checking the faces of individuals walking down the street," Ramsey said.

"We have to remind ourselves - just because we can do something doesn't mean we should do it."

Both FBI Director James Comey and US Attorney General Eric Holder are scheduled to speak at the conference. We'll see if this tone changes after these two handle the mic. The FBI's track record on deploying privacy-invading technology with no rules or regulations has been particularly atrocious, with some of its actions skirting legality altogether. The FBI should be leading by example but, like the NSA and its defenders, it seems to be more concerned with finding new and creative justifications for its invasive surveillance programs (like the biometric database it's building) rather than moving forward with more caution and respect for American civil liberties.

As for the law enforcement officials quoted, it's a shame that it takes a consistent barrage of leaked intelligence documents to make them realize that just because you can do something, doesn't mean you should do it.

from the no-joke dept

Perhaps like me, while you read all of our posts the past six months that had anything to do with Facebook, you missed the news that the social media site had instituted a policy specifically against sharing videos that featured human beings beheading other human beings. Granted, like for me, this may have fallen under your "I can't believe we need that, but okay" category, but indulge me for a moment as I ride the rollercoaster of oscilating views on the news that Facebook has recently rescinded this policy and will once again allow videos of beheadings to be shared, with only a few caveats.

The social network had introduced a temporary ban in May following complaints that the clips could cause long-term psychological damage. The US firm confirmed it now believed its users should be free to watch and condemn such videos. It added it was, however, considering adding warnings.

Reaction Stage 1: Emotional Outrage -- You evil Facebook bastards! How simple is it to understand that you shouldn't allow people to show decapa-frigging-tations. The very idea of large swaths of people watching that kind of thing is sickening. And to hell with your caveats; there is no discussion worth having about vile acts of violence and death beyond the complete rebuke of them. What good could this possibly serve?

"Facebook has long been a place where people turn to share their experiences, particularly when they're connected to controversial events on the ground, such as human rights abuses, acts of terrorism and other violent events," said a spokeswoman.

Reaction Stage 2: The Skeptical Deep Breath -- Okay, fine, that's a fair point. If social media sites are the water-cooler or social chamber of our time, then it makes sense that those discussions should be open to topics of controversey. After all, how do you discuss a beheading if you don't at least have the option to see what occurred. Still, this all sounds too close to people watching snuff films. Surely someone is going to have a problem with all this, right?

"It only takes seconds of exposure to such graphic material to leave a permanent trace - particularly in a young person's mind," said Dr Arthur Cassidy, a former psychologist who runs a branch of the Yellow Ribbon Program in Northern Ireland. "The more graphic and colourful the material is, the more psychologically destructive it becomes."

Facebook allows anyone aged 13 and above to be a member.

Reaction Stage 3: Think Of The Damned Children -- Screw the fair points. How the hell could this possibly be deemed responsible when Facebook allows newly-proclaimed teenagers to view this kind of material? Nobody is really in favor of teens watching people get their melons chopped off, are they? And is anyone really going to argue that there won't be some damage to some children if this kind of thing is allowed to propagate? What's supposed to keep kids from seeing this kind of violence?

The idea of Facebook issuing a blanket ban had, however, concerned some freedom-of-speech campaigners who had suggested it was the responsibility of parents - not the company - to protect children on the internet.

Reaction Stage 4: Oh, Yeah, The Stupid Parents -- Damn, I had forgotten about them. I guess it is up to parents to police their children's internet use and any unwillingness to do so shouldn't stifle the free speech of others. It's just that, well, so many parents suck at this part of their job. Still, that isn't the fault of people who are legitimately interested in these kinds of stories.

French digital rights group La Quadrature du Net said it was still concerned that Facebook was reserving the right to take down the videos if it took issue with the way they were presented.

"It shows how much Facebook is in power to decide whatever will or will not be expressed through its network," said the organisation's co-founder Jeremie Zimmermann. "It plays a profoundly anti-democratic role when it makes any such choice, whatever the limits are and whatever the good reasons it uses to make the decision. Only a judicial authority should be able to restrict fundamental freedoms according to the rule of law."

Reaction Stage 5: Reluctant Admission That Horrible Things Are The Reason Free Expression Is Important -- Yes, beheadings are terrible. As are violent attacks, terrorist attacks, bombings, war-crimes, and every other horrible action that we human beings commit against one another. But that is the reality of the world we live in. And if I'm confident about anything at all in this occasionally horrible world, it's that reacting to horror by placing your head in the sand doesn't work. There are those on this planet that believe in civil discourse, in peace, and in the possibility of harmony with our fellow human beings, and we deserve to know exactly how terrible the enemies of our cause are and to discuss their actions openly and honestly. A huge part of that means being able to see what we're dealing with. As I mentioned before, social media sites are our gathering places to discuss ideas, philosophies, and events. To stifle any part of that because the material at hand is uncomfortable to some would be a disservice. I don't even need to give examples of prior acts of violence that, thanks to their being on film, opened a larger number of people's eyes to important dangers than would have been otherwise.

In the end, I come back to the resting place that seems so familiar to me: more discussion, more access to information, more freedom of speech is always better in the end. Of course, now having ridden this roller coaster ride up and down the emotions, there is one other issue. How is it that beheadings are considered important to free speech, but breasts are such a problem that even breastfeeding is (at times) banned?

Where did your rollercoaster take you?

Update: Oh, and just as we post this, it comes out that Facebook has removed a beheading video. The roller coaster ride begins again.

from the hidden-in-plain-sight dept

The first six months of 2012 saw Europeans taking to the streets in order to kill off ACTA in the European Union. Against all the odds, they succeeded in that aim, as the European Parliament voted to reject ACTA on 4 July last year. That defeat has certainly been burned into the memories of Karel de Gucht, the EU Commissioner responsible for negotiating first ACTA and now TAFTA/TTIP. When he was asked whether the latter might see ACTA sneak in by the backdoor, here's what he replied:

"ACTA, one of the nails in my coffin. I'm not going to reopen that discussion. Really, I mean, I am not a masochist. I'm not planning to do that.

If the Commission advances new basic legislation, which I think she should, we will revisit the question, but I'm not going to do this by the back door".

In determining the amount of damages for infringement of intellectual property rights, a Party's judicial authorities shall have the authority to consider, inter alia, any legitimate measure of value the right holder submits, which may include lost profits, the value of the infringed goods or services measured by the market price, or the suggested retail price.

Those with good memories may recall that something similar was to be found in ACTA, and that it was one of the problematic areas that led the European Parliament to reject the treaty. In fact, it's not similar, it's word-for-word identical with Article 9, paragraph 1 of ACTA (pdf). And it's not the only section that's been cut-and-pasted from ACTA: several other paragraphs are also direct copies.

This raises an interesting question. At the moment, the EU-Singapore FTA has only been "initialled": that means it must still be approved by the European Commission, the Council of Ministers representing the member nations, and the European Parliament. So will the EU's MEPs reject the new trade agreement because it represents ACTA by the backdoor -- or at least a part of it? That seems unlikely.

But if the European Parliament does pass the EU-Singapore FTA, de Gucht might then argue that the same sections from ACTA can now be pasted into TAFTA/TTIP, since they are no longer problematic. And if he does so, perhaps he will be tempted to include a few more sections from ACTA, on the grounds that he is doing nothing "by the backdoor", but doing it in the full view of everyone....